Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 12 April 2007.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 9-23 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 9-23 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 
1. [ ] Certified copies of the priority documents have been received.
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

Response to Arguments 

1. Applicant's arguments filed 4/12/2007 have been fully considered but they are not
persuasive. 

2. The applicant argues the following: 

Specifically, for example, the Examiner has not shown where either Spicer or Harsch discloses 
receiving a stream of spurious bytes from the external proxy server if there is nothing pending for the 
internal network device. The Examiner asserts this limitation is disclosed by Harsch between line 54 of 
Column 4 and line 5 of Column 5. However, this passage appears to be concerned with the use of a 
"keep-alive" method that holds open a connection with a network device. In the keep-alive method, a 
client sends intermittent messages to a server to keep the connection between the two up on the server 
side. The intention is to signal the server so that the server does not close the connection. The keep-alive 
packet is understood by the server as sent for that purpose and discarded by a standing arrangement 
('protocol'). In short, the goal of Harsch appears to be to stop the server itself from dropping the 
connection and the keep-alive method is an effective method for doing so. On the other hand, Applicants' 
claims are directed toward preventing an intervening security device from dropping the connection. 
Applicants do not use a keep-alive method, and instead use a stream of spurious bytes to keep a 
connection open. The keep-alive method and the use of spurious bytes are not the same. A security 
device may recognize the keep-alive protocol, detect the keep-alive messages, and close the connection. 
Applicants' claimed invention sends spurious bytes to prevent an intervening security device, which 
merely passes bytes on, from concluding that the connection is stale. Spurious bytes are not understood 
by the security device and are mistaken by it for real data. Further, keep-alive packets are explicitly 
intermittent packets that are sent versus a steady stream of bytes. Harsch does not appear to mention 
anything analogous to the stream of bytes as described and claimed by Applicants. 

3. The examiner disagrees for two reasons. 

4. First, the applicant asserts that the Applicants' claims are directed toward preventing an
intervening security device from dropping the connection whereas Harsch is directed towards 
preventing a server from dropping the connection. However, this assertion by the applicant is 
not supported by the language of claim 9. Claim 9 is directed towards a proxy agent executing 
the step of "receiving a stream of spurious bytes from the external proxy server if there is 
nothing pending for the internal network device". There is nothing in claim 9 about any 
intervening device performing any analysis on the data being sent from the external proxy server 
to the proxy agent. Therefore claim 9 is broad enough to cover any keep alive message

5. Second, the assertion that, "A security device may recognize the keep-alive protocol,
detect the keep-alive messages, and close the connection" is not based on any factual evidence. 
Specifically, the keep-alive messages taught by Harsch are unique to the invention of Harsch so 
it is unclear how a security device would be programmed to detect the keep-alive packets sent by 
Harsch. The keep-alive packets described by Harsch (See col. 13, lines 3-25) read directly on
the "spurious bytes" taught by the applicant which are vaguely described as "being returned in a 
slow stream" (page 9, lines 23-24) and "trickling down" (page 10, line 1). There is no limiting 
definition of a spurious byte in the applicant's specification. It is the Examiner's position that 
the keep-alive packets taught by Harsch can be "returned in a slow stream" and "trickled down" 
and therefore they read directly on the applicant's specification. If the applicant is implying that 
a spurious byte has some special properties that give the "spurious byte" the ability to elude 
detection from security devices, such properties are not disclosed or claimed. 

Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 9-10, 13-15, 20 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent Number 7,007,093 to Spicer et al. in view of U.S. Patent Number 7,088,698 to 
Harsch et al.

8. As to claim 9, Spicer teaches a method of accessing an internal network device on a
protected network, the network including a security device, the method comprising: storing data 
addressed to the internal network device in an external proxy server (col. 4, lines 4-24, the Proxy 
Server 114 stores data addressed to the Network Resources 104.); maintaining a proxy agent on
the protected network, the proxy agent executing the step of: polling the external proxy server for
data addressed to the internal network device, where polling includes: connecting to the external
proxy server to check for pending traffic (col. 4, lines 4-24, the Polling Server 116 polls the
Proxy Server 114); receiving from the external proxy server when the external proxy server has
received data from a client (col. 4, lines 4-24, Polling Server receives client request for Network 
Resources 104); forwarding to the internal network device any data on the external proxy server 
and addressed to the internal network device; and forwarding to the external proxy server any 
data addressed to an external device in communication with the external proxy server (col. 4, 
lines 4-24, the Network Resources 104 are disclosed as being printers and file servers and other 
similar devices which inherently send responses); however Spicer does not explicitly teach the 
external proxy server sending a stream of spurious bytes if there is nothing pending for the 
internal network device. 

Harsch teaches a method of receiving a stream of spurious bytes from a proxy server if 
there is nothing pending for the network device (col. 4, line 54-col. 5, line 5, the keepalive packet 
is considered spurious bytes to maintain the connection). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Spicer regarding communication through a 
private network with the teachings of Harsch regarding the transmission of spurious bytes 
because spurious bytes keep communication channels open, thus preventing communication
channels from being prematurely closed (Harsch, col. 9, lines 47-59). 

9. As to claim 10, Spicer teaches a method of polling the external server at regular intervals 
(col. 4, lines 4-24). 

10. As to claim 13, Harsch teaches a method of multiplexing multiple requests from the
proxy agent to proxy server through the same connection (col. 4, line 54-col. 5, line 5, the
connection is kept open so multiple requests can be made). 

11. As to claim 14, Spicer teaches a method of maintaining by the proxy server maps 
between local TCP/IP ports of the proxy server and private IP addresses on the protected 
network, the maps being distinguished by an identity of the proxy agent used to access them (col. 
4, lines 4-44). 

12. As to claim 15, Spicer teaches a method of publishing by each proxy agent a list of
addresses it can reach to the external proxy server, the external proxy server using this list to 
create a respective map between local ports and proxy agents (col. 4, line 55-col. 5, line 15). 

13. As to claim 20, Spicer teaches a method of providing network administrators control over 
the system including granting administrators the ability to allow and deny entry into the 
protected network on a per session basis (col. 4, line 55-col. 5, line 15). 

14. As to claim 22, Spicer teaches a method of providing a network administrator control 
over the system including granting administrators the ability to allow and deny entry into the 
protected network on a per session basis (col. 8, lines 39-58).

15. Claims 11-12, 16, 20-21, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable
over U.S. Patent Number 7,007,093 to Spicer et al. in view of U.S. Patent Number 7,088,698 to
Harsch et al. in further view of U.S. Patent Number 6,510,464 to Grantges Jr. et al.

16. As to claim 11, the Spicer-Harsch combination does not explicitly teach the use of two
separate protocols inside and outside the private network.

Grantges Jr. teaches a method of communicating by an internal network device with a 
proxy using a first network protocol and an external network device communicating with the 
proxy using a second protocol (Figure 7). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of the Spicer-Harsch combination regarding
communication to devices on a private network with the teachings of Grantges, Jr. regarding the 
use of different protocols inside and outside of the private network because some connections 
may be required to be secure. 

17. As to claim 12, Grantges Jr. teaches a method wherein data addressed to an internal 
network device using a second network protocol is transmitted to the internal device using the 
first protocol so that the second protocol is carried to the internal network device inside the first 
network protocol (HTTP traffic is encrypted using HTTPS). 

18. As to claim 16, the Spicer-Harsch combination does not explicitly teach ensuring cookie
delivery. 

Grantges, Jr. teaches a proxy server that ensures proper cookie routing (col. 11, line 63- 
col. 12, line 10).

It would have been obvious to one of ordinary skill in the Computer Networking art at the
time of the invention to combine the teachings of the Spicer-Harsch combination regarding a
system for communicating with private network devices with the teachings of Grantges, Jr. 
regarding the routing of cookies because cookies are commonly communicated during HTTP 
communication. 

19. As to claims 18 and 19, they are rejected for the same reason as claims 11 and 12.

20. As to claim 20, Grantges Jr. teaches the use of X.509 certificates (Fig 7). 

21. As to claim 21, the Spicer-Harsch combination teaches the method of claim 9; however,
the Spicer-Harsch combination does not explicitly teach rewriting cookies with unique
identifiers. 

Grantges Jr. teaches rewriting cookies with unique identifiers to prevent inadvertent 
transmission of private information to an incorrect recipient on the protected network (col. 9, line
54-col. 10, line 5). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of the Spicer-Harsch combination regarding a
system for communicating with private network devices with the teachings of Grantges, Jr. 
regarding the routing of cookies because cookies are commonly communicated during HTTP 
communication. 

22. As to claim 23, the Spicer-Harsch combination teaches the method of claim 9; however,
the Spicer-Harsch combination does not explicitly teach granting a key for access.

Grantges teaches a method wherein access is conferred by granting a key with a 
predetermined life span (col. 7, lines 63-col. 8, line 14).

It would have been obvious to one of ordinary skill in the Computer Networking art at the
time of the invention to combine the teachings of the Spicer-Harsch combination regarding a
system for communicating with private network devices with the teachings of Grantges, Jr. 
regarding granting a key because keys are commonly used to identify requesters. 

Conclusion 

23. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

24. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas B. Blair whose telephone number is (571) 272-3893. 
The examiner can normally be reached on 9:00am-5:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell, can be reached on (571) 272-3868. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Douglas Blair 





ANDREW CALDWELL 
SUPERVISORY PATENT EXAMINER 



